CVE-2019-6675 — Improper Authentication in F5 Big-ip Domain Name System

CWE-287 — Improper Authentication4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.1%

top 66.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +8 more

Timeline

PublishedNov 26

Latest updateMay 24

Description

BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. This can result in a complete compromise of the system. This issue only impacts specific engineering hotfixes using the aforementioned authentication configuration. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. Th…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages13 packages

▶NVDf5/big-ip_domain_name_system15.0.1.0.33.11-eng_hotfix — 15.0.1.0.48.11-eng_hotfix+23

▶NVDf5/big-ip_analytics15.0.1.0.33.11-eng_hotfix — 15.0.1.0.48.11-eng_hotfix+23

▶NVDf5/big-ip_link_controller15.0.1.0.33.11-eng_hotfix — 15.0.1.0.48.11-eng_hotfix+23

▶NVDf5/big-ip_access_policy_manager15.0.1.0.33.11-eng_hotfix — 15.0.1.0.48.11-eng_hotfix+23

▶NVDf5/big-ip_local_traffic_manager15.0.1.0.33.11-eng_hotfix — 15.0.1.0.48.11-eng_hotfix+23

🔴Vulnerability Details

GHSA

GHSA-6pjw-wq93-mv92: BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vu↗2022-05-24

▶

CVEList

CVE-2019-6675: BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vu↗2019-11-26

▶

📋Vendor Advisories

CVE-2019-6675: BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with mul...↗2019-11-26

▶

External resources

NVD MITRE

Affected products11

F5 Big-ip Access Policy Manager≥ 15.0.1.0.33.11-eng_hotfix, ≤ 15.0.1.0.48.11-eng_hotfixvHotfix-BIGIP-14.1.0.3.0.79.6-ENG.iso, Hotfix-BIGIP-14.1.0.3.0.97.6-ENG.iso, Hotfix-BIGIP-14.1.0.3.0.99.6-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.15.5-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.36.5-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.40.5-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.11.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.14.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.68.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.70.9-ENG.iso, Hotfix-BIGIP-14.1.2.0.11.37-ENG.iso, Hotfix-BIGIP-14.1.2.0.18.37-ENG.iso, Hotfix-BIGIP-14.1.2.0.32.37-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.46.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.14.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.16.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.34.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.97.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.99.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.105.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.111.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.115.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.122.4-ENG.iso, Hotfix-BIGIP-15.0.1.0.33.11-ENG.iso, Hotfix-BIGIP-15.0.1.0.48.11-ENG.isov14.1.0.3.0.79.6-eng_hotfix+22 more

F5 Big-ip Advanced Firewall Manager≥ 15.0.1.0.33.11-eng_hotfix, ≤ 15.0.1.0.48.11-eng_hotfixv14.1.0.3.0.79.6-eng_hotfixv14.1.0.3.0.97.6-eng_hotfix+21 more

F5 Big-ip Analytics≥ 15.0.1.0.33.11-eng_hotfix, ≤ 15.0.1.0.48.11-eng_hotfixv14.1.0.3.0.79.6-eng_hotfixv14.1.0.3.0.97.6-eng_hotfix+21 more

F5 Big-ip Application Acceleration Manager≥ 15.0.1.0.33.11-eng_hotfix, ≤ 15.0.1.0.48.11-eng_hotfixv14.1.0.3.0.79.6-eng_hotfixv14.1.0.3.0.97.6-eng_hotfix+21 more

F5 Big-ip Application Security Manager≥ 15.0.1.0.33.11-eng_hotfix, ≤ 15.0.1.0.48.11-eng_hotfixv14.1.0.3.0.79.6-eng_hotfixv14.1.0.3.0.97.6-eng_hotfix+21 more

F5 Big-ip Domain Name System≥ 15.0.1.0.33.11-eng_hotfix, ≤ 15.0.1.0.48.11-eng_hotfixv14.1.0.3.0.79.6-eng_hotfixv14.1.0.3.0.97.6-eng_hotfix+21 more

F5 Big-ip Fraud Protection Service≥ 15.0.1.0.33.11-eng_hotfix, ≤ 15.0.1.0.48.11-eng_hotfixv14.1.0.3.0.79.6-eng_hotfixv14.1.0.3.0.97.6-eng_hotfix+21 more

F5 Big-ip Global Traffic Manager≥ 15.0.1.0.33.11-eng_hotfix, ≤ 15.0.1.0.48.11-eng_hotfixv14.1.0.3.0.79.6-eng_hotfixv14.1.0.3.0.97.6-eng_hotfix+21 more

F5 Big-ip Link Controller≥ 15.0.1.0.33.11-eng_hotfix, ≤ 15.0.1.0.48.11-eng_hotfixvHotfix-BIGIP-14.1.0.3.0.79.6-ENG.iso, Hotfix-BIGIP-14.1.0.3.0.97.6-ENG.iso, Hotfix-BIGIP-14.1.0.3.0.99.6-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.15.5-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.36.5-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.40.5-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.11.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.14.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.68.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.70.9-ENG.iso, Hotfix-BIGIP-14.1.2.0.11.37-ENG.iso, Hotfix-BIGIP-14.1.2.0.18.37-ENG.iso, Hotfix-BIGIP-14.1.2.0.32.37-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.46.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.14.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.16.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.34.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.97.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.99.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.105.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.111.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.115.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.122.4-ENG.iso, Hotfix-BIGIP-15.0.1.0.33.11-ENG.iso, Hotfix-BIGIP-15.0.1.0.48.11-ENG.isov14.1.0.3.0.79.6-eng_hotfix+22 more

F5 Big-ip Local Traffic Manager≥ 15.0.1.0.33.11-eng_hotfix, ≤ 15.0.1.0.48.11-eng_hotfixv14.1.0.3.0.79.6-eng_hotfixv14.1.0.3.0.97.6-eng_hotfix+21 more

Disclosure

PublishedNov 26, 2019

Latest updateMay 24, 2022